etcdserver: don't attempt to grant nil permission to a role

Prevent etcd from crashing when given a bad grant payload, e.g.: $ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/add {"header":{"cluster_id":"14841639068965178418", ... $ curl -d '{"name": "foo"}' http://localhost:2379/v3/auth/role/grant curl: (52) Empty reply from server Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
2024-09-27 06:25:44 +00:00 · 2021-06-04 13:59:01 -07:00
parent abe57c1aed
commit e27effa250
4 changed files with 25 additions and 0 deletions
--- a/api/v3rpc/rpctypes/error.go
+++ b/api/v3rpc/rpctypes/error.go
@@ -58,6 +58,7 @@ var (
 	ErrGRPCRoleNotFound         = status.New(codes.FailedPrecondition, "etcdserver: role name not found").Err()
 	ErrGRPCRoleEmpty            = status.New(codes.InvalidArgument, "etcdserver: role name is empty").Err()
 	ErrGRPCAuthFailed           = status.New(codes.InvalidArgument, "etcdserver: authentication failed, invalid user ID or password").Err()
+	ErrGRPCPermissionNotGiven   = status.New(codes.InvalidArgument, "etcdserver: permission not given").Err()
 	ErrGRPCPermissionDenied     = status.New(codes.PermissionDenied, "etcdserver: permission denied").Err()
 	ErrGRPCRoleNotGranted       = status.New(codes.FailedPrecondition, "etcdserver: role is not granted to the user").Err()
 	ErrGRPCPermissionNotGranted = status.New(codes.FailedPrecondition, "etcdserver: permission is not granted to the role").Err()